<VirtualHost {{ ip_service }}:{{ reverse_proxy_port | default(443) }}>

{% if vitamui_reverse_external_protocol | default('https') | lower == 'https' %}
    SSLEngine on
    SSLCertificateFile /etc/{{ apache_service }}/certs/reverse.crt
    SSLCertificateKeyFile /etc/{{ apache_service }}/certs/reverse.key
    ServerName {{ vitamui_reverse_external_dns }}
    ServerAlias reverse.service.{{ consul_domain }}
    ServerAlias {{ ip_service }}
{% else %}
    ServerName {{ vitamui_reverse_external_dns }}
{% endif %}

{% if authorization_header_name is defined and authorization_header_name | length %}
    # Reads the value of authorization_header_name into TempValue
    SetEnvIf {{ authorization_header_name }} ".+" TempValue=$0
    # Overwrite the value of "Authorization" header
    RequestHeader set Authorization %{TempValue}e env=TempValue
    # Unset the value of authorization_header_name
    RequestHeader unset {{ authorization_header_name }}
{% endif %}

    ProxyPreserveHost on
    AllowEncodedSlashes NoDecode

    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
    CustomLog logs/{{ vitamui_site_name }}_log combined
    ErrorLog logs/{{ vitamui_site_name }}_error

    # Enable SSL for the Reverse proxy
    SSLProxyEngine on
    # Client CA path
    SSLProxyCACertificatePath /etc/{{ apache_service }}/ca/{{ vitamui_site_name }}
    # Don't check the CN of the server's certificate
    SSLProxyCheckPeerCN off
    # Don't check the hostname of the server
    SSLProxyCheckPeerName off
    KeepAlive Off

    # Filter to change url inside html and js files
    AddOutputFilterByType SUBSTITUTE text/html
    AddOutputFilterByType SUBSTITUTE text/javascript
    AddOutputFilterByType SUBSTITUTE application/javascript
    SubstituteMaxLineLength 12M

    # UI IDENTITY ADMIN
{% for host in groups['hosts_ui_identity_admin'] %}
    ProxyPassMatch ^/identity-admin/(.*)$ {{ 'https' if vitamui.identity_admin.secure | default(secure) | bool else 'http' }}://{{ hostvars[host]['ip_service'] }}:{{ vitamui.identity_admin.port_service }}/$1 {{ reverse_connection_params }}
    ProxyPassReverse /identity-admin {{ 'https' if vitamui.identity_admin.secure | default(secure) | bool else 'http' }}://{{ hostvars[host]['ip_service'] }}:{{ vitamui.identity_admin.port_service }}

    <Location /identity-admin/>
        SetOutputFilter proxy-html
        ProxyHTMLURLMap /identity/ /identity-admin/
        RequestHeader unset Accept-Encoding
    </Location>
{% endfor %}

    # UI IDENTITY
{% for host in groups['hosts_ui_identity'] %}
    ProxyPassMatch ^/identity/(.*)$ {{ 'https' if vitamui.identity.secure | default(secure) | bool else 'http' }}://{{ hostvars[host]['ip_service'] }}:{{ vitamui.identity.port_service }}/$1
    ProxyPassReverse /identity {{ 'https' if vitamui.identity.secure | default(secure) | bool else 'http' }}://{{ hostvars[host]['ip_service'] }}:{{ vitamui.identity.port_service }}
{% endfor %}

    # UI REFERENTIAL
{% for host in groups['hosts_ui_referential'] %}
    ProxyPassMatch ^/referential/(.*)$ {{ 'https' if vitamui.referential.secure | default(secure) | bool else 'http' }}://{{ hostvars[host]['ip_service'] }}:{{ vitamui.referential.port_service }}/$1
    ProxyPassReverse /referential {{ 'https' if vitamui.referential.secure | default(secure) | bool else 'http' }}://{{ hostvars[host]['ip_service'] }}:{{ vitamui.referential.port_service }}
{% endfor %}

    # UI INGEST
{% for host in groups['hosts_ui_ingest'] %}
    ProxyPassMatch ^/ingest/(.*)$ {{ 'https' if vitamui.ingest.secure | default(secure) | bool else 'http' }}://{{ hostvars[host]['ip_service'] }}:{{ vitamui.ingest.port_service }}/$1
    ProxyPassReverse /ingest {{ 'https' if vitamui.ingest.secure | default(secure) | bool else 'http' }}://{{ hostvars[host]['ip_service'] }}:{{ vitamui.ingest.port_service }}
{% endfor %}

    # UI PASTIS
{% for host in groups['hosts_ui_pastis'] %}
    ProxyPassMatch ^/pastis/(.*)$ {{ 'https' if vitamui.pastis.secure | default(secure) | bool else 'http' }}://{{ hostvars[host]['ip_service'] }}:{{ vitamui.pastis.port_service }}/$1
    ProxyPassReverse /pastis {{ 'https' if vitamui.pastis.secure | default(secure) | bool else 'http' }}://{{ hostvars[host]['ip_service'] }}:{{ vitamui.pastis.port_service }}
{% endfor %}

    # UI ARCHIVE SEARCH
{% for host in groups['hosts_ui_archive_search'] %}
    ProxyPassMatch ^/archive-search/(.*)$ {{ 'https' if vitamui.archive_search.secure | default(secure) | bool else 'http' }}://{{ hostvars[host]['ip_service'] }}:{{ vitamui.archive_search.port_service }}/$1
    ProxyPassReverse /archive-search {{ 'https' if vitamui.archive_search.secure | default(secure) | bool else 'http' }}://{{ hostvars[host]['ip_service'] }}:{{ vitamui.archive_search.port_service }}
{% endfor %}

    # UI COLLECT
{% for host in groups['hosts_ui_collect'] %}
    ProxyPassMatch ^/collect/(.*)$ {{ 'https' if vitamui.collect.secure | default(secure) | bool else 'http' }}://{{ hostvars[host]['ip_service'] }}:{{ vitamui.collect.port_service }}/$1
    ProxyPassReverse /collect {{ 'https' if vitamui.collect.secure | default(secure) | bool else 'http' }}://{{ hostvars[host]['ip_service'] }}:{{ vitamui.collect.port_service }}
{% endfor %}

    # CAS SERVER
{% for host in groups['hosts_cas_server'] %}
    ProxyPassMatch ^/cas/((login|logout|extras|webjars|css|icons|favicon|images|js|serviceValidate|oauth2.0|clientredirect|oidc).*)$ {{ 'https' if vitamui.cas_server.secure | default(secure) | bool else 'http' }}://{{ hostvars[host]['ip_service'] }}:{{ vitamui.cas_server.port_service }}/cas/$1 {{ reverse_connection_params }}
    ProxyPassReverse /cas {{ 'https' if vitamui.cas_server.secure | default(secure) | bool else 'http' }}://{{ hostvars[host]['ip_service'] }}:{{ vitamui.cas_server.port_service }}
{% endfor %}

    # PORTAL
{% for host in groups['hosts_ui_portal'] %}
    ProxyPass / {{ 'https' if vitamui.portal.secure | default(secure) | bool else 'http' }}://{{ hostvars[host]['ip_service'] }}:{{ vitamui.portal.port_service }}/ {{ reverse_connection_params }}
    ProxyPassReverse / {{ 'https' if vitamui.portal.secure | default(secure) | bool else 'http' }}://{{ hostvars[host]['ip_service'] }}:{{ vitamui.portal.port_service }}/
{% endfor %}

{% for host in groups.get('hosts_ui_design_system', []) %}
    ProxyPass / {{ 'https' if vitamui.design_system.secure | default(secure) | bool else 'http' }}://{{ hostvars[host]['ip_service'] }}:{{ vitamui.design_system.port_service }}/ {{ reverse_connection_params }}
    ProxyPassReverse / {{ 'https' if vitamui.design_system.secure | default(secure) | bool else 'http' }}://{{ hostvars[host]['ip_service'] }}:{{ vitamui.design_system.port_service }}/
{% endfor %}

</VirtualHost>
